[Catalyst] Large static files behind Authorisation

Ash Berlin ash_cpan at firemirror.com
Sun Jan 4 13:53:11 GMT 2009

On 4 Jan 2009, at 13:50, Ash Berlin wrote:

> On 4 Jan 2009, at 08:48, Trevor Phillips wrote:
>> I'm working on a Catalyst application, and one of the requirements  
>> is to deliver large-ish files to authorised users only. I'm a bit  
>> wary about passing through large files in a framework I don't know  
>> the intricacies of, since a mishandled large file can explode  
>> memory usage of a daemon. However, the usual "let Apache/proxy  
>> handle it" solution bypasses the required Authorisation phase.
>> I'm currently trying to use Catalyst::Plugin::Static::Simple, which  
>> has a documented function serve_static_file to serve a static file  
>> from a Controller. However, I am getting an error as the TT View is  
>> still trying to apply a default template.
>> Is there an easy way to turn off the TT View, and have the file  
>> properly treated as static content in an efficient manner by  
>> Static::Simple?
>> My usual solution to this problem would be to implement  
>> Authentication as a mod_perl Access handler over static content,  
>> but the host provider won't give access to random mod_perl libs -  
>> and I'm quite happy with Catalyst's Auth infrastructure for  
>> everything else...
>> Thanks...
> (Not terribly useful to you since I guess you are using Apache,  
> but:) what I'd do here is make use of Lighttpd's X-SendFile response  
> header: http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
> I'm sure nginx has something similar, but as far as I'm aware apache  
> doesn't
> -ash

At least not as part of the core distribution anyway: http://tn123.ath.cx/mod_xsendfile/

More information about the Catalyst mailing list